The number of security incidents involving mobile devices has increased over the past year, but companies are not protecting their mobile assets as well as they do other systems. One in three organizations admitted to suffering a compromise due to a...

Digitally transforming enterprises are now able to seamlessly integrate a myriad of service providers and business partners globally through diverse private interconnections. Equinix’s Global Interconnection Index volume 2 (GXI2)...

Networking vendor Juniper Networks has rolled out a new security architecture that will connect and operate with an enterprise customer's existing stack of products.
Named ‘Juniper Connected Security’, the open platform automates...

Rapid digitalisation has resulted in a surge in both the number of endpoints and the means by which cybercriminals can infiltrate enterprise networks. Around the globe, the total financial damage due to cybercrimes is predicted to reach $8 trillion...

Topic

Global supply chains and trade networks are becoming more complex as a result of shifting patterns within the logistics industry, including changing demands of vendors and customers.
In reality, not all businesses are able to navigate these...

Public cloud services are a strategic weapon for CIOs. More than a way to cease operating data centers, the public cloud offers CIOs the ability to focus on strategic projects aimed at boosting the bottom line.
“As organizations pursue new...

Microsoft introduces integrated Darktrace-a-like, Azure Sentinel

Microsoft has announced an AI-powered security solution called
Sentinel that is designed to integrate with the Azure public
cloud platform, to comb for and predict threats from large
volumes of data at enterprise scale.

The company announced the platform ahead of the major RSA
security conference taking place in San Francisco next week.
Sentinel works only with an Azure subscription, where Microsoft
said it will provide a "fully integrated experience in the Azure
portal" to augment existing services such as Azure Security
Centre and Azure Machine Learning.

Microsoft claimed that by running Sentinel, the company has seen
an "overall reduction of up to 90 percent in alert fatigue" with
early adopters, i.e. it is supposedly cutting through the noise
and surfacing actual threats rather than false positives.

To put it (perhaps too) crudely, you could think of Sentinel as a
Darktrace-a-like for existing Azure customers who want to plump
for Azure expertise straight from the source rather than
externally, although it will work with third-party providers,
such as security and event management vendors, as well as
workflow management systems such as SystemNow.

The idea is that it will provide an "extensible architecture" to
"support custom collectors through REST API and advanced
queries", so an organisation's existing data can feed into
Sentinel for better customisation.

However, it's clear that the product could carve a niche in
mostly Microsoft shops: Sentinel can, for example, integrate with
Office cloud data such as that pulled from email spam.

Microsoft is promoting Sentinel's ability to operate at scale,
too, as well as the usual messaging about freeing up employee
time by automating the dreary tasks. The company says on the
Sentinel website: "Invest in security, not infrastructure setup
and maintenance, [with the] first cloud-native SIEM from a major
public cloud provider.

"Never again let a storage limit or a query limit prevent you
from protecting your enterprise."

The major cloud players are increasingly touting their security
nous as major selling points for their platforms. Bloomberg notes
that Microsoft stressed how it was recently integral in helping
finance companies head off hacks that were siphoning money to
"foreign bank accounts", as well as hobbling systems in the
process.

The company also announced Microsoft Threat Experts, which is a
service that sits in Windows Defender ATP to provide "managed
hunting" to "extend the capability of a businesses' security
operations centre team" - looking for indicators of successful
attacks within company data.